
Example 76 with Subject

use of javax.security.auth.Subject in project jdk8u_jdk by JetBrains.

the class IPv6 method main.

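/**
 * Verifies how {@code kdc} entries in krb5.conf are split into host and port for plain host
 * names, IPv4 literals and IPv6 literals (bare and bracketed).
 *
 * <p>Writes {@code ipv6.conf} into the working directory with one {@code kdc} line per entry
 * of the table below, attempts a Krb5LoginModule login while {@code System.out} is captured,
 * and then compares every {@code KrbKdcReq send} debug line, in order, with the expected host
 * and port. A missing or empty port is expected to show up as 88. The two malformed entries at
 * the end of the table are expected to produce no request at all.
 *
 * <p>The {@code sun.security.krb5.debug} and {@code java.security.krb5.conf} system properties
 * are set JVM-wide and are not restored by this method.
 *
 * @param args unused
 * @throws Exception if a request does not match the expected host/port, if more requests are
 *         seen than there are table entries, or if not every legal entry was contacted
 */
public static void main(String[] args) throws Exception {
    String[][] kdcs = {
        // These are legal settings
        { "simple.host", null }, { "simple.host", "" }, { "simple.host", "8080" },
        { "0.0.0.1", null }, { "0.0.0.1", "" }, { "0.0.0.1", "8080" },
        { "1::1", null }, { "[1::1]", null }, { "[1::1]", "" }, { "[1::1]", "8080" },
        // Two illegal settings
        { "[1::1", null }, { "[1::1]abc", null } };
    // Prepares a krb5.conf with every kind of KDC setting. try-with-resources closes the
    // file even when one of the writes fails.
    try (PrintStream out = new PrintStream(new FileOutputStream("ipv6.conf"))) {
        out.println("[libdefaults]");
        out.println("default_realm = V6");
        out.println("kdc_timeout = 1");
        out.println("[realms]");
        out.println("V6 = {");
        for (String[] hp : kdcs) {
            if (hp[1] != null) {
                out.println("    kdc = " + hp[0] + ":" + hp[1]);
            } else {
                out.println("    kdc = " + hp[0]);
            }
        }
        out.println("}");
    }
    System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("java.security.krb5.conf", "ipv6.conf");
    // The Kerberos debug trace goes to System.out, so capture it in memory for parsing.
    ByteArrayOutputStream bo = new ByteArrayOutputStream();
    PrintStream po = new PrintStream(bo);
    PrintStream oldout = System.out;
    System.setOut(po);
    try {
        Subject subject = new Subject();
        Krb5LoginModule krb5 = new Krb5LoginModule();
        Map<String, String> map = new HashMap<>();
        Map<String, Object> shared = new HashMap<>();
        map.put("debug", "true");
        map.put("doNotPrompt", "true");
        map.put("useTicketCache", "false");
        map.put("useFirstPass", "true");
        // Placeholder credentials handed over through the shared state; no callback handler.
        shared.put("javax.security.auth.login.name", "any");
        shared.put("javax.security.auth.login.password", "any".toCharArray());
        krb5.initialize(subject, null, shared, map);
        krb5.login();
    } catch (Exception e) {
        // Ignore: the login outcome is not what is checked here, only the captured trace.
    } finally {
        // Restore the real stdout even when something other than an Exception escapes.
        po.flush();
        System.setOut(oldout);
    }
    BufferedReader br = new BufferedReader(new StringReader(new String(bo.toByteArray())));
    int cc = 0;
    Pattern r = Pattern.compile(".*KrbKdcReq send: kdc=(.*) UDP:(\\d+),.*");
    String line;
    while ((line = br.readLine()) != null) {
        Matcher m = r.matcher(line);
        if (m.matches()) {
            System.out.println("------------------");
            System.out.println(line);
            if (cc >= kdcs.length) {
                // More requests than table entries: fail with a readable message instead of
                // an ArrayIndexOutOfBoundsException.
                throw new Exception("Unexpected extra KDC request: " + line);
            }
            String h = m.group(1), p = m.group(2);
            String eh = kdcs[cc][0], ep = kdcs[cc][1];
            if (eh.charAt(0) == '[') {
                // The request is expected to carry the IPv6 literal without its brackets.
                eh = eh.substring(1, eh.length() - 1);
            }
            System.out.println("Expected: " + eh + " : " + ep);
            System.out.println("Actual: " + h + " : " + p);
            // No port, or an empty one, must fall back to the default Kerberos port.
            String expectedPort = (ep == null || ep.isEmpty()) ? "88" : ep;
            if (!eh.equals(h) || !p.equals(expectedPort)) {
                throw new Exception("Mismatch");
            }
            cc++;
        }
    }
    if (cc != kdcs.length - 2) {
        // 2 illegal settings at the end
        throw new Exception("Not traversed");
    }
}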
Also used : Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule) Pattern(java.util.regex.Pattern) HashMap(java.util.HashMap) Matcher(java.util.regex.Matcher) Subject(javax.security.auth.Subject)

Example 77 with Subject

use of javax.security.auth.Subject in project jdk8u_jdk by JetBrains.

the class ServiceCredsCombination method check.

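/**
 * Checks which name an acceptor-side Kerberos credential ends up bound to.
 *
 * <p>Builds a fresh {@link Subject} from {@code objs}, creates an {@code ACCEPT_ONLY}
 * credential inside {@code Subject.doAs}, and compares the credential's name with the
 * expectation. {@code r(...)} is a helper defined elsewhere in the test class; presumably it
 * expands a short name into the full principal name (confirm against its definition).
 *
 * @param a get a creds for this principal, null for default one
 * @param b expected name, null for still unbound, "NOCRED" for no creds
 * @param objs princs, keys and keytabs in the subject; objects of any other type are ignored
 * @throws Exception if the credential's name differs from the expectation, or if credential
 *         creation fails while {@code b} is not "NOCRED"
 */
private static void check(final String a, String b, Object... objs) throws Exception {
    Subject subj = new Subject();
    for (Object obj : objs) {
        if (obj instanceof KerberosPrincipal) {
            subj.getPrincipals().add((KerberosPrincipal) obj);
        } else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
            // Long-term keys and keytabs are secrets, so they go into the private set.
            subj.getPrivateCredentials().add(obj);
        }
    }
    final GSSManager man = GSSManager.getInstance();
    try {
        String result = Subject.doAs(subj, new PrivilegedExceptionAction<String>() {

            @Override
            public String run() throws GSSException {
                GSSCredential cred = man.createCredential(a == null ? null : man.createName(r(a), null), GSSCredential.INDEFINITE_LIFETIME, GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY);
                GSSName name = cred.getName();
                return name == null ? null : name.toString();
            }
        });
        if (!Objects.equals(result, r(b))) {
            throw new Exception("Check failed: getInstance(" + a + ") has name " + result + ", not " + b);
        }
    } catch (PrivilegedActionException e) {
        // NOTE(review): every GSSException thrown by run() lands here, so a failure for an
        // unrelated reason also satisfies a "NOCRED" expectation. The cause is not inspected.
        if (!"NOCRED".equals(b)) {
            // Keep the original failure attached so the reason is visible in the report.
            throw new Exception("Check failed: getInstance(" + a + ") is null " + ", but not one with name " + b, e);
        }
    }
}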
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) GSSName(org.ietf.jgss.GSSName) PrivilegedActionException(java.security.PrivilegedActionException) Subject(javax.security.auth.Subject) PrivilegedActionException(java.security.PrivilegedActionException) GSSException(org.ietf.jgss.GSSException) KerberosKey(javax.security.auth.kerberos.KerberosKey) GSSException(org.ietf.jgss.GSSException) KeyTab(javax.security.auth.kerberos.KeyTab) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager)

Example 78 with Subject

use of javax.security.auth.Subject in project jdk8u_jdk by JetBrains.

the class CleanState method go.

/**
 * Performs one Krb5LoginModule login in which the shared state carries a wrong password while
 * the callback handler supplies the user name and password from {@code OneKDC}.
 *
 * <p>With {@code tryFirstPass=true} the module is documented to try the shared-state
 * credentials first and to ask the callback handler only when that attempt fails, so this
 * presumably exercises the retry path after a failed first attempt (confirm against the test's
 * stated purpose).
 *
 * @throws Exception if {@code login()} fails
 */
void go() throws Exception {
    Krb5LoginModule module = new Krb5LoginModule();
    final String name = OneKDC.USER;
    final char[] password = OneKDC.PASS;
    // Deliberately wrong: this is what the module finds in the shared state.
    char[] wrongPassword = "hellokitty".toCharArray();

    Map<String, String> options = new HashMap<>();
    options.put("useTicketCache", "false");
    options.put("doNotPrompt", "false");
    options.put("tryFirstPass", "true");

    Map<String, Object> sharedState = new HashMap<>();
    sharedState.put("javax.security.auth.login.name", name);
    sharedState.put("javax.security.auth.login.password", wrongPassword);

    // Answers name and password callbacks with the OneKDC values; other callbacks are ignored.
    CallbackHandler handler = (Callback[] callbacks) -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(name);
            }
            if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password);
            }
        }
    };

    module.initialize(new Subject(), handler, sharedState, options);
    module.login();
}
Also used : Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule) CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback)

Example 79 with Subject

use of javax.security.auth.Subject in project jdk8u_jdk by JetBrains.

the class ThreadPoolAccTest method main.

/**
 * Registers six observed MBeans, each watched by its own monitor, and starts every monitor
 * inside {@code Subject.doAs} with a subject holding a single {@link JMXPrincipal}.
 *
 * <p>Indexes 0-2 run as "role1" and 3-5 as "role2". The monitor type cycles counter, gauge,
 * string, and the observed attribute cycles "Integer", "Double", "String". After start-up,
 * {@code testPrincipals} (defined elsewhere in the test) is polled in a tight loop, with no
 * sleep or timeout, until it returns true. All monitors that were created are stopped on exit.
 *
 * @param args unused
 * @throws Exception if MBean creation or registration fails
 */
public static void main(String[] args) throws Exception {
    final int count = 6;
    ObjectName[] observedNames = new ObjectName[count];
    ObservedObject[] observed = new ObservedObject[count];
    ObjectName[] monitorNames = new ObjectName[count];
    Monitor[] monitors = new Monitor[count];
    String[] principals = { "role1", "role2" };
    String[] attributes = { "Integer", "Double", "String" };
    try {
        echo(">>> CREATE MBeanServer");
        MBeanServer server = MBeanServerFactory.newMBeanServer();
        for (int i = 0; i < count; i++) {
            observedNames[i] = new ObjectName(":type=ObservedObject,instance=" + i);
            observed[i] = new ObservedObject();
            echo(">>> CREATE ObservedObject = " + observedNames[i]);
            server.registerMBean(observed[i], observedNames[i]);

            // The monitor type repeats every three indexes: counter, gauge, string.
            final int kind = i % 3;
            if (kind == 0) {
                monitorNames[i] = new ObjectName(":type=CounterMonitor,instance=" + i);
                monitors[i] = new CounterMonitor();
            } else if (kind == 1) {
                monitorNames[i] = new ObjectName(":type=GaugeMonitor,instance=" + i);
                monitors[i] = new GaugeMonitor();
            } else {
                monitorNames[i] = new ObjectName(":type=StringMonitor,instance=" + i);
                monitors[i] = new StringMonitor();
            }
            echo(">>> CREATE Monitor = " + monitorNames[i]);
            server.registerMBean(monitors[i], monitorNames[i]);
            monitors[i].addObservedObject(observedNames[i]);
            monitors[i].setObservedAttribute(attributes[kind]);
            monitors[i].setGranularityPeriod(500);

            // Start the monitor as the role for this half of the index range.
            final Monitor current = monitors[i];
            final String role = principals[i / 3];
            Subject subject = new Subject();
            echo(">>> RUN Principal = " + role);
            subject.getPrincipals().add(new JMXPrincipal(role));
            Subject.doAs(subject, new PrivilegedAction<Void>() {

                @Override
                public Void run() {
                    current.start();
                    return null;
                }
            });
        }
        // Busy-poll until the check reports success.
        boolean done;
        do {
            done = testPrincipals(observed, monitorNames, monitors, principals);
        } while (!done);
    } finally {
        for (Monitor started : monitors) {
            if (started != null) {
                started.stop();
            }
        }
    }
}
Also used : GaugeMonitor(javax.management.monitor.GaugeMonitor) JMXPrincipal(javax.management.remote.JMXPrincipal) Subject(javax.security.auth.Subject) ObjectName(javax.management.ObjectName) StringMonitor(javax.management.monitor.StringMonitor) StringMonitor(javax.management.monitor.StringMonitor) CounterMonitor(javax.management.monitor.CounterMonitor) Monitor(javax.management.monitor.Monitor) GaugeMonitor(javax.management.monitor.GaugeMonitor) PrivilegedAction(java.security.PrivilegedAction) CounterMonitor(javax.management.monitor.CounterMonitor) MBeanServer(javax.management.MBeanServer)

Example 80 with Subject

use of javax.security.auth.Subject in project jdk8u_jdk by JetBrains.

the class MoreThenOnePrincipals method Provider1.

/**
 * Supplies two test rows, each a single modifiable {@link Subject} that holds one
 * {@code NTUserPrincipal} and takes {@code CREDS} (a constant defined elsewhere in the test
 * class) as its private credentials. Public credentials are empty.
 *
 * @return one row with a subject for "NTUserPrincipal-2", then one for "NTUserPrincipal-1"
 */
@DataProvider
public Object[][] Provider1() {
    String[] principalNames = { "NTUserPrincipal-2", "NTUserPrincipal-1" };
    Object[][] rows = new Object[principalNames.length][];
    for (int i = 0; i < principalNames.length; i++) {
        // The principal is added after construction: the subject starts with none.
        Subject subject = new Subject(false, Collections.emptySet(), Collections.emptySet(), CREDS);
        subject.getPrincipals().add(new NTUserPrincipal(principalNames[i]));
        rows[i] = new Object[] { subject };
    }
    return rows;
}
Also used : NTUserPrincipal(com.sun.security.auth.NTUserPrincipal) Subject(javax.security.auth.Subject) DataProvider(org.testng.annotations.DataProvider)
